Automated operation and maintenance (use api to manage f5 equipment automatically)

Posted by simenss on Sat, 01 Jan 2022 02:31:26 +0100

preface

Using the built-in API of F5 device and python program, it can interact with F5 device in real time, so as to realize the requirements of fine patrol inspection, monitoring and automatic deployment. The official API reference manual is in the appendix, which is very comprehensive.

python libraries used: request, json, time

Example code function: automatic patrol inspection F5 equipment last active / standby switching time, active / standby machine configuration synchronization status, HA status and other information

F5 API interface

The full name of the API of F5 (taking LTM devices as an example) is called iControl REST API.

Generally speaking, it is to send an http request to the F5 device. After passing the authentication, F5 will return json format data. The data can include information such as VS, POOL name, VS, POOL status, etc. In addition to query operations, you can also complete new VS, POOL and other change operations through the API interface.

Using API interface, F5 can be operated automatically.

1. restful design style;
2. Certification;
3. Query operation, which can meet the requirements of monitoring and automatic patrol inspection;
4. Automatic deployment can be realized by changing operations;

About certification

If the login f5 device uses Cisco ACS authentication system, through my experiment, the user using ACS cannot pass the authentication.

Using the local user in F5, you can pass the authentication. The reason is temporarily unknown.

 

Using python to realize automatic patrol inspection

Design idea:

Use the python requrest library to simulate http get, post and other requests to obtain F5 device related information. Convert the obtained json format data into dict data structure, take the corresponding key values, sort them out and write them to the text file.

The following codes are for reference:

import requests
import json
import time

auth, ip = ('admin', 'epi@66585006'), '192.168.100.246'
timestamp= time.strftime("%Y-%m-%d %H-%M-%S", time.localtime()) 

url= 'https://' + ip + '/mgmt/tm/cm/sync-status'
#Get F5 device configuration synchronization status
url2= 'https://' + ip + '/mgmt/tm/cm/device'
#Obtain F5 device model, available modules and failover active / standby status
url3= 'https://' + ip + '/mgmt/tm/sys/failover'
#Get the last failover switching time of F5 device

result_failover= requests.get(url3, verify= False, auth= auth)
resp_failover= result_failover.text
failover_dict= json.loads(resp_failover)

result_sync= requests.get(url, verify= False, auth= auth)
resp_sync= result_sync.text
sync_dict= json.loads(resp_sync)

resp_hastatus= requests.get(url2, verify= False, auth= auth)
hastatus_dict= json.loads(resp_hastatus.text)

filename= 'f5/'+ timestamp + '.txt'
with open(filename, 'a') as f:
	f.write(ip+ ' last failover time: '+ failover_dict['apiRawValues']['apiAnonymous'])
	f.write(ip+ ' sync status is :'+ sync_dict['entries']['https://localhost/mgmt/tm/cm/sync-status/0']['nestedStats']['entries']['color']['description']+ '\n')
	f.write('HA status:'+ '\n'+ hastatus_dict['items'][0]['hostname']+ ','+ hastatus_dict['items'][0]['failoverState']+ '\n'+ hastatus_dict['items'][1]['hostname']+ \
	','+ hastatus_dict['items'][1]['failoverState']+ '\n\n')

 

achievements

After the patrol inspection is completed, a text file is generated according to the patrol inspection time.

The file includes the last active / standby switching time of the device, configuration synchronization status of the active / standby machine, HA status and other information.

 

 

 

Appendix (f5 api reference)

f5 official api reference manual:
https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_ltm.html

The function is very powerful. ltm, gtm, lc, irule, etc. all the information you want is in it.

 

Topics: api